Is it safe to use the `Function` constructor to validate JavaScript syntax?

I would like to verify (client-side) that the user has entered valid JavaScript code.

Pulling in a Javascript parser (e.g. Acorn or Esprima) is a relatively heavy dependency. However (if CSP is not enabled), I could do:

try {
    new Function(userCode);
    return {valid: true}
} catch (e) {
    return {
        valid: false,
        error: e.message
    };
}

While this does use new Function, the user-provided code is never run, only parsed/compiled. Is there still a security issue?

Solution

This seems fine. Parsing/compiling JS code is safe and has no side effects (module resolution and loading does not apply in Function). We can be certain that JavaScript parsers used in modern browsers are pretty free of bugs.

How do I get the decimal places of a floating point number in Javascript?
TypeError: Cannot destructure property 'company' of 'jobs[value]' as it is undefined
How to get my system local ip using react js
How to insert MutationObserver into jQuery code
FCM Push notifications arrive twice if the browser is in background
Convert numbers to letters beyond the 26 character alphabet
Display API data from rapidapi in vue
What's an optimal or efficient way to detect a 'touch screen' device using JavaScript?
sqlite3 update query refreshes electron renderer process
How to convert string to date object in javascript?
React "Invalid Hook Call" error when I use useNavigation
RegExp to validate an HTTP header value
Node bcrypt's compare always returns false
How to match req.body with update query?
How can I determine a user's locale within the browser?
Angular: ng-container not displayed
How to insert a dynamic component inside a element in Angular
Why ngModel doesn't works on the last version of Angular 17?
Check if element class contains string using playwright
Make a link from Electron open in browser
How to get the mouse position without events (without moving the mouse)?
set cursor on empty tag
React Native Expo Router - Hiding the Stack header on home screen
Intercept calls to console.log in Chrome
Regex - check if input still has chances to become matching
What is the 'new' keyword in JavaScript?
How to stop live time in Javascript
Most efficient way to concatenate strings in JavaScript?
Get the size of the screen, current web page and browser window
process is undefined when trying to provide environment variables to client code through webpack